Information notice for customers and suppliers on the processing and the protection of personal data (art 13 of the EU Regulation 679/2016)
This information notice describes the processing of personal data gathered within the scope of contractual or pre-contractual relationships between our company and you or your company/enterprise/organisation and it is made pursuant to Article 13 of the EU Regulation n. 679/3016 (hereinafter “GDPR”) and to the applicable national legislation on privacy and personal data protection.
- THE IDENTITY AND THE CONTACT DETAILS OF THE CONTROLLER
The Controller of your personal data is SIRENA S.p.a., based in C.so Moncenisio 5 – 10090 ROSTA (TO), recorded in the Register of Companies of Turin, R.E.A. 487901, E-mail: firstname.lastname@example.org (hereinafter “Controller”)
If the Controller appoints processors or sub-processors in accordance with Article 28 GDPR, their updated list is kept at the Controller’s registered office.
- WHICH TYPES OF PERSONAL DATA WE PROCESS
The types of personal data that we process depend on the purposes for which they are collected.
In general, we are allowed to directly collect the following types of personal data:
A) contact details such as name, surname, e-mail address, certified electronic mail address, address, city, telephone number;
B) data concerning your corporate and entrepreneurial organisation such as identity and contact details pertaining to stakeholders, administrators, employees collaborators and consultants.
C) banking data and tax identification
D) data provided directly from you through communications or attachments to communications;
Hereinafter “Personal Data”
- WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
The processing of your personal data by the Controller takes place:
A) without your express consent (art. 6, lett. b) – f) GDPR) for the following purposes:
- to conclude contracts with the Controller.
- To comply with pre-contractual, contractual and tax obligations arising from existing relationships.
- To fulfil the obligations established by law, by a regulation, by the European legislation or by Authority order.
- To pursue a legitimate interest of the Controller or of third parties, provided that they do not override your interests or your rights and fundamental freedoms requiring personal data protection (e.g. the Controller’s right of defense of legal claims).
B) Only under your prior specific and distinct consent (art. 6, lett. a) and art. 7 GDPR), for the following marketing purposes:
- sending via e-mail, postal service and/or text messages and/or phone contacts, newsletter, commercial communications and/or advertising material on goods and services offered by the Controller and the measurement of the satisfaction degree on the services’ quality.
- Sending via e-mail, postal service and/or text messages and/or phone contacts commercial and/or promotional communications of third parties (e.g. business partner).
If you have denied your consent it will not be possible to carry out the aforementioned activities and, in any case, if you have expressed your consent to the processing activities, you will have the right to withdraw your given consent at any time.
- FOR HOW LONG WE RETAIN AND PROCESS YOUR PERSONAL DATA
Your personal data shall be processed by the Controller only for the time necessary to fulfil the processing purposes as referred to in the above mentioned article 3, and then they shall be retained only in accordance with the legal obligations in force on this matter, for administrative purposes and/or to ensure and protect a given right and, in any case, no further than the deadlines set up by the legislation for the prescription of rights.
In particular, for marketing purposes, the User’s Personal Data are retained by the Controller for no longer than 2 years.
- HOW WE PROCESS YOUR PERSONAL DATA.
Personal Data are processed on both paper and electronic and/or automated means for the period of time necessary to fulfil the purposes for which they are collected by the Controller or by other duly authorised persons and/or persons in charge of these duties, constantly identified and/or appointed, properly trained and informed on law obligations, as well as through the use of appropriate safety measures to ensure the protection of confidentiality and to avoid the risk of loss or damage, unauthorised accesses, unauthorised processing or not in accordance with the aforementioned purposes.
- TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA
For the purposes mentioned above, the gathered personal data concerning you may be accessible or disclosed to:
- employees and collaborators of the Controller, as authorised personnel, within the scope of their respective duties and in accordance with the instructions received. In any case, these persons are subject to confidentiality obligations.
- Third parties carrying out outsourcing activities which are connected, functional or support to those of the Controller (e.g. management softwares and/or cloud marketing).
- All public and/or private entities, natural and/or legal persons (legal, administrative and tax counsel offices, collection agencies, judicial authorities, Chambers of commerce, labour offices, etc.) where the communication is deemed to be necessary or functional to the correct fulfilment of contractual obligations as well as of legal obligations.
- All the entities (Public Authorities included) having access to personal data in accordance with normative and administrative acts; in any case the gathered personal data concerning you shall not be sold or transferred to third parties for marketing purposes and shall not be disclosed.
- TRANSFER OF PERSONAL DATA OUTSIDE THE EU AREA
The process and storage of your Personal Data will take place in Europe. In any case, the Controller, if deemed it necessary, shall have the right to process your Personal Data outside the EU Area (EEA). In such a case, the Controller shall ensure here and now that the extra-EU data transfer takes place in accordance with the applicable law, also by concluding, where necessary, agreements in order to grant a comfortably sufficient level of protection and/or by adopting standard contract terms set up by the European Commission.
- YOUR RIGHTS
Under article 15 et seq. of the GDPR and in accordance with the applicable national privacy and personal data protection legislation, you are entitled to the right:
- to obtain confirmation from the Controller that personal data concerning you are being processed and, in such a case, to obtain access to your personal data as well as to the following information:
- The purposes of the processing
- The categories of personal data concerned
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, with particular regard to third countries recipients or international organisations;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from the data subject, any available information as to their source;
- The existence of automated decision-making, including profiling.
- to obtain from the Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to obtain the completion of incomplete personal data, including by means of providing a supplementary statement.
- To obtain from the Controller the erasure of Personal data concerning you without undue delay, within the limits and in compliance with the applicable law.
- To obtain from the Controller the restriction of processing.
- To receive personal data concerning you provided to the Controller in a structured, commonly used, machine-readable format. You also have the right to data portability and then to transmit these data to another Controller without hindrance from the Controller to which the personal data have been provided where the processing is based on consent or on a contract and it is carried out by automated means.
- To object at any time, on grounds relating to your particular situation, to processing of personal data concerning you if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or the processing is necessary for the purposes of the legitimate interest pursued by the Controller or third parties.
- If you consider your rights to be infringed by the Controller, you have the right to lodge a complaint with the Autorità Garante per la Protezione dei Dati Personali (piazza Montecitorio 121, 00186 Roma (RM) – www.garanteprivacy.it) and/or with other competent authority in accordance with the GDPR provisions.
The Controller, following the exercise of the rights as referred to in points 2),3) and 4) shall communicate any rectification or erasure or restriction of the processing to each of the recipients to whom the personal data have been disclosed in accordance with the applicable law.
In order to enforce the aforementioned rights against the Controller, you are required to submit a written request by sending a registered mail to Sirena S.p.a – C.so Moncenisio 5, 10090 Rosta (TO) or a certified electronic mail to email@example.com.
This information notice may be modified and updated at any time. If the Controller shall intend to process your Personal Data for purposes other than those for which they were initially collected pursuant to the above mentioned article 3, the Controller, before any further processing, commits to provide appropriate information regarding this different processing to you and to carry out any further processing in accordance with the applicable law, also by gathering your express consent where necessary.
STATEMENT OF ACKNOWLEDGMENT AND CONSENT TO THE PROCESSING OF PERSONAL DATA
Having read this information notice, I, the undersigned, hereby declare that I have taken due note of the information received by the Controller.
I also declare to grant my specific written consent to the processing of my personal data for further marketing purposes and in particular for the fulfilment of direct marketing activities, such as the sending via e-mail, postal service and/or text messages and/or phone contacts, newsletter, commercial communications and/or advertising material on goods and services offered by the Controller or by third parties (e.g. business partner).
□ I grant my consent. □ I do not grant my consent